Skip to content

Update cumulocity-10-20-409-0-fixed-critical-security-issue.md #779

Update cumulocity-10-20-409-0-fixed-critical-security-issue.md

Update cumulocity-10-20-409-0-fixed-critical-security-issue.md #779

Workflow file for this run

name: Build and deploy
on:
workflow_dispatch:
push:
branches:
- develop
- release/y**
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: false
defaults:
run:
shell: bash
env:
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
jobs:
# Build job
build:
name: Build Hugo
runs-on: ubuntu-latest
concurrency:
group: ${{ github.workflow }}-${{ matrix.env }}-${{ github.ref }}
cancel-in-progress: false
strategy:
matrix:
env: [staging-resources,prod]
env:
HUGO_VERSION: 0.100.1
environment:
name: ${{ matrix.env }}
steps:
- name: Install Hugo CLI
run: |
wget -O ${{ runner.temp }}/hugo.deb https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_extended_${HUGO_VERSION}_Linux-64bit.deb \
&& sudo dpkg -i ${{ runner.temp }}/hugo.deb
- name: Checkout
uses: actions/checkout@v3
with:
submodules: recursive
fetch-depth: 1
- name: Extract branch name
shell: bash
run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
id: extract_branch
- name: Set path and baseURL
run: |
echo "Branch: ${{ steps.extract_branch.outputs.branch }}"
if [[ "${{ steps.extract_branch.outputs.branch }}" == "develop" ]]; then
echo "Branch is develop"
echo BASEURL="${{ secrets.BASE_URL }}" >> $GITHUB_ENV
echo DESTINATION_PATH="${{ secrets.DESTINATION_PATH }}" >> $GITHUB_ENV
else
suffix=$(echo "${{ steps.extract_branch.outputs.branch }}" | sed 's/release\/y//g')
echo "Suffix: ${suffix}"
echo BASEURL="${{ secrets.BASE_URL }}/${suffix}" >> $GITHUB_ENV
echo DESTINATION_PATH="${{ secrets.DESTINATION_PATH }}/${suffix}" >> $GITHUB_ENV
fi
id: path_to_append
- name: Build with Hugo
env:
# For maximum backward compatibility with Hugo modules
HUGO_ENVIRONMENT: production
HUGO_ENV: production
run: |
hugo \
--baseURL "${{ env.BASEURL }}/"
- name: Set known SSH hosts
run: |
mkdir -p ~/.ssh/
echo "${{ secrets.KNOWN_HOSTS }}" > ~/.ssh/known_hosts
- name: Start SSH agent and import private key from secrets
run: |
ssh-agent -a $SSH_AUTH_SOCK > /dev/null
ssh-add - <<< "${{ secrets.SSH_PRIVATE_KEY }}"
- name: Upload documentation
run: |
rsync -e 'ssh -A -J ${{ secrets.SSH_USER }}@${{ secrets.SSH_JUMPHOST }}' -avh ./public/* ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }}:${{ env.DESTINATION_PATH }} --delete